IN THE UNITED STATES PATENT AND TRADEMARK OFFICE



In Re Application of: Schwab et al. 

Serial No.: 09/877,596 Group No.: 2157 

Filed: June 8, 2001 Examiner: L. Jacobs 

For: METHOD FOR SECURE TRANSACTIONS UTILIZING PHYSICALLY SEPARATED 
COMPUTERS 

PRE-APPEAL REQUEST ARGUMENTS 

Mail Stop AF 
Commissioner for Patents 
PO Box 1450 

Alexandria, VA 22313-1450 
Dear Sir: 

In response to the final Office Action mailed August 6, 2010, Appellant hereby submits a Notice 
of Appeal accompanied by a Pre-Appeal Request for Review. Pre-Appeal Brief arguments are below
for the consideration of the review panel. 

Rejection of Claims 1-15 Under 35 U.S.C. §103(a) 

Claims 1-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Khidekel et al. in 
view of Messner. 

The teachings of Khidekel reside in a method for controlling the security of transactions by 
controlling access to the resources in question (paragraphs 0005 and 0006). In this technique, a user 
desiring access to a particular resource is directed to a first security server, wherein the user's 
credentials are authenticated. If the user is authorized to access these resources, then a token is 
provided, by which method the user can access other servers. Depending on the structure of the 
systems, it may be necessary to provide a token for each server to be accessed, thereby resulting in 
multiple tokens being issued. In all cases, the desired transaction is initiated by the user when the user 
requests access to the resources. However, once the user has been authenticated and has been issued the 
token (or tokens), there is no direct involvement in authorizing the specific transactions that later are 
conducted by the user. Although the system may require the user to be re-authenticated later in the 
transaction process, it is the user that is approved, not the specific transaction details themselves. In this
sense, the system is similar to a user obtaining a pass [token] to an amusement park. While the user 
may be required to exhibit the pass before being allowed to go on a ride, the authorization is not specific 
to the particular ride, it only is related to whether the user is allowed to be inside the park. 

In summary, Khidekel is an access control system, which is not related to any specific
activities after the access has been granted, and which teaches away from participation in the details of 
any specific transaction that occurs after access is allowed. The access is controlled by way of a token, 
which is issued on request by the user. 

The teachings of Messner reside in two methods for authenticating a transaction before
approval. 

In the first method ("Split Transaction Model" — paragraphs 0083 - 0089, and Fig. 9A and 9B),
the authorization is transmitted simultaneously with the order information. This obviously is different 
from the instant invention, in which the authorization is transmitted after the order is submitted, and by 
way of a pre-determined communication path/method (typically via a third-party or a user-designated
e-mail account). The system essentially assumes that an order received from a particular client computer
has been issued by the user himself or herself. 

In the second method ("Interactive Client Approval Model" — paragraphs 0090 - 0097, and Fig. 
10A and 10B), the user is required to provide a confirmation of the order, but the approval is performed
through a specific channel — the user client system. Although Messner specifies that the request is
transmitted to the user client system by way of IP addresses, this is impractical unless the step is
performed contemporaneously with the transaction. IP addresses on typical connections (such as dial-up
service, or broadband services provided by various Cable or Telephone service providers) are assigned 
dynamically using systems such as DHCP, and thus are not persistent. If a user were to log in over a 
wireless connection, and then switch to a separate wired connection after arriving at home, then there is 
essentially no possibility that the two sites would be assigned the same IP addresses. It is only by 
staying on-line throughout the entire authentication/authorization process that this approach would be 
usable. In addition, the path chosen would not allow the user to specify the communications path and 
method to be utilized, as that has been pre-determined by the system of Messner. 

Because the systems of Khidekel and Messner specify authorization to occur at different points 
in the transaction process (and Khidekel specifies only access control, and not participation in specific
transactions), there is no motivation to combine these two references. In addition, Khidekel specifies 
the use of a token (or tokens). Messner uses no tokens, and has no obvious way to integrate the use of 
one in the methods as disclosed. As a further distinction, the instant invention also has no element of a 
token to be used to control access, and, in fact, does not concern itself with the specifics of how a 
connection path is established. Furthermore, the systems of Khidekel and Messner provide no user 
control of the communication path to be utilized, or for the method to be used for requesting and 
confirming authorization for a specific transaction. 

Since all rejections are based on a combination of Khidekel and Messner, Applicant believes all 
claims are in condition for allowance. 



Respectfully submitted, 




By:. 



Dated: November 8, 2010 